USN-2414-1: KDE-Runtime vulnerability
Tim Brown and Darron Burton discovered that KDE-Runtime incorrectly handled input validation. An attacker could possibly use this issue to execute arbitrary JavaScript...
CVE-2014-9022
The Webform Component Roles module 6.x-1.x before 6.x-1.8 and 7.x-1.x before 7.x-1.8 for Drupal allows remote attackers to bypass the "disabled" restriction and modify read-only components via a crafted form...
Rockwell Automation Connected Components Workbench RA.ViewElements.Row.1 Arbitrary Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Rockwell Automation Connected Components Workbench. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...
Rockwell Automation Connected Components Workbench RA.ViewElements.Grid.1 Arbitrary Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Rockwell Automation Connected Components Workbench. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...
Spy Planes Equipped with Dirtbox Devices Collecting Smartphone Data
The U.S. government is reportedly using spy airplanes equipped with special military-grade snooping equipment to eavesdrop on cell phone information from millions of smartphone users in the U.S., according to a new report. This little device, nicknamed "Dirtbox", is being used to mimic mobile phone...
UBUNTU-CVE-2014-8438
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allows attackers to execute...
UBUNTU-CVE-2014-0588
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allows attackers to execute...
USN-2402-1: KDE workspace vulnerability
David Edmundson discovered that the KDE Clock KCM policykit helper did not properly guard against untrusted input. Under certain circumstances, a process running under the user's session could exploit this to run programs as the administrator...
Trove: potential leak of passwords into log files
The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log...
[SECURITY] Fedora 21 Update: python-django-horizon-2014.1.3-1.fc21
Horizon is a Django application for providing OpenStack UI components. It allows performing site administrator operations (viewing account resource usage, configuring users, accounts, quotas, flavors, etc.) and end user operations (start/stop/delete instances, create/restore snapshots, view instance VNC consol...
Apple OS X / OS X Server multiple security vulnerabilities
62 vulnerabilities in different system components...
[SECURITY] Fedora 21 Update: php-ZendFramework2-2.3.3-1.fc21
Zend Framework 2 is an open source framework for developing web applications and services using PHP 5.3+. Zend Framework 2 uses 100% object-oriented code and utilizes most of the new features of PHP 5.3, namely namespaces, late static binding, lambda functions and closures. Zend Framework 2 evolv...
[SECURITY] Fedora 21 Update: check-mk-1.2.4p5-2.fc21
check-mk is a general purpose Nagios-plugin for retrieving data. It adopts a new approach for collecting data from operating systems and network components. It obsoletes NRPE, check_by_ssh, NSClient, and check_snmp and it has many benefits, the most important are a significant reduction of CPU usag...
SOL15640 - GNU C Library (glibc) vulnerabilities CVE-2014-0475, CVE-2014-5119, CVE-2013-4458
Most ARX components are based on GNU C library code. Recommended action: If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no...
All In One Wordpress FW 3.8.3 - Persistent Vulnerability
Document Title: All In One Wordpress FW 3.8.3 - Persistent Vulnerability; References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1325; Release Date: 2014-09-29; Vulnerability Laboratory ID (VL-ID): ...
[SECURITY] Fedora 21 Update: check-mk-1.2.4p5-1.fc21
check-mk is a general purpose Nagios-plugin for retrieving data. It adopts a new approach for collecting data from operating systems and network components. It obsoletes NRPE, check_by_ssh, NSClient, and check_snmp and it has many benefits, the most important are a significant reduction of CPU usag...
[SECURITY] Fedora 20 Update: check-mk-1.2.4p5-1.fc20
check-mk is a general purpose Nagios-plugin for retrieving data. It adopts a new approach for collecting data from operating systems and network components. It obsoletes NRPE, check_by_ssh, NSClient, and check_snmp and it has many benefits, the most important are a significant reduction of CPU usag...
Cannot Register Management Service. The Specified Service Has Been Marked for Deletion.
Challenge: A Backup or Replication job using Application-Aware Processing fails with an error similar to: Failed to prepare VM for processing: Unable to perform installation Unable to register and start service. Attempt 10 of 10 Cannot register management service. Service name: VeeamVssSupport...
Xalan-Java: insufficient constraints in secure processing feature
It was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features. A remote attacker able to provide Extensible Stylesheet Language Transformations (XSLT) content to be processed by an application using Xalan-Java could use this...